Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature] Add CAN_VIEW permission for SQL warehouse #4464

Merged
merged 7 commits into from
Mar 30, 2025
Merged

[Feature] Add CAN_VIEW permission for SQL warehouse #4464

merged 7 commits into from
Mar 30, 2025

Conversation

jiabin-hu
Copy link
Contributor

@jiabin-hu jiabin-hu commented Feb 3, 2025
edited
Loading

Changes

Add CAN_VIEW permission for SQL warehouse

Tests

Locally installed and tested. See the following output:

% terraform apply -var="databricks_host=REDACTED"  -var="databricks_token=REDACTED"
databricks_sql_endpoint.sql_warehouse: Refreshing state... [id=REDACTED]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # databricks_permissions.sql_warehouse_usage will be created
  + resource "databricks_permissions" "sql_warehouse_usage" {
      + id              = (known after apply)
      + object_type     = (known after apply)
      + sql_endpoint_id = "REDACTED"

      + access_control {
          + permission_level = "CAN_VIEW"
          + user_name        = "REDACTED"
        }
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

databricks_permissions.sql_warehouse_usage: Creating...
databricks_permissions.sql_warehouse_usage: Creation complete after 2s [id=/sql/warehouses/REDACTED]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.

Outputs:

warehouse_id = "REDACTED"
  • make test run locally
  • relevant change in docs/ folder
  • covered with integration tests in internal/acceptance
  • [no] using Go SDK
  • using TF Plugin Framework

@jiabin-hu jiabin-hu requested review from a team as code owners February 3, 2025 23:39
@jiabin-hu jiabin-hu requested review from parthban-db and removed request for a team February 3, 2025 23:39
alexott
alexott reviewed Feb 4, 2025
View reviewed changes
@alexott alexott changed the title Add CAN_MONITOR_ONLY permission for SQL warehouse [Feature] Add CAN_MONITOR_ONLY permission for SQL warehouse Feb 4, 2025
@alexott alexott changed the title [Feature] Add CAN_MONITOR_ONLY permission for SQL warehouse [Feature] Add CAN_MONITOR_ONLY permission for SQL warehouse Feb 4, 2025
@alexott alexott temporarily deployed to test-trigger-is February 4, 2025 15:58 — with GitHub Actions Inactive
@alexott alexott temporarily deployed to test-trigger-is February 6, 2025 02:54 — with GitHub Actions Inactive
@alexott alexott enabled auto-merge February 6, 2025 02:55
@alexott
Copy link
Contributor

alexott commented Feb 6, 2025

This is a private preview feature so it's failing on integration tests

@jiabin-hu
Copy link
Contributor Author

This is a private preview feature so it's failing on integration tests

Yes it's in private preview now, but going on public preview soon. I can hold off the PR until PuPr.

auto-merge was automatically disabled March 19, 2025 22:56

Head branch was pushed to by a user without write access

@jiabin-hu jiabin-hu changed the title [Feature] Add CAN_MONITOR_ONLY permission for SQL warehouse [Feature] Add CAN_VIEW permission for SQL warehouse Mar 19, 2025
@jiabin-hu jiabin-hu temporarily deployed to test-trigger-is March 20, 2025 07:51 — with GitHub Actions Inactive
@alexott alexott requested a review from Copilot March 20, 2025 16:01
Copilot
Copilot AI reviewed Mar 20, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds support for the new "CAN_VIEW" permission level for SQL warehouses.

  • Added "CAN_VIEW" permission in permission_definitions.go.
  • Updated acceptance tests to include "CAN_VIEW" in test cases.
  • Updated documentation and changelog to reflect the new permission support.

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File Description
permissions/permission_definitions.go Introduces "CAN_VIEW" with isManagementPermission set to false.
NEXT_CHANGELOG.md Documents support for "CAN_VIEW" permission.
permissions/permissions_test.go Updates tests to include "CAN_VIEW" permission level.
docs/resources/permissions.md Updates documentation on SQL warehouse permissions.

@alexott alexott temporarily deployed to test-trigger-is March 26, 2025 17:16 — with GitHub Actions Inactive
@alexott alexott enabled auto-merge March 28, 2025 20:00
@github-actions GitHub Actions
Copy link

If integration tests don't run automatically, an authorized user can run them manually by following the instructions below:

Trigger:
go/deco-tests-run/terraform

Inputs:

  • PR number: 4464
  • Commit SHA: b1f694d82bc437bfefb0bfb933231f7947f454e1

Checks will be approved automatically on success.

@nkvuong nkvuong temporarily deployed to test-trigger-is March 29, 2025 02:02 — with GitHub Actions Inactive
@alexott alexott added this pull request to the merge queue Mar 30, 2025
Merged via the queue into databricks:main with commit a76703c Mar 30, 2025
12 checks passed
deco-sdk-tagging bot added a commit that referenced this pull request Apr 1, 2025
@deco-sdk-tagging
[Release] Release v1.71.0
982b5cb 
## Release v1.71.0

### New Features and Improvements

 * Mark GKE-related fields for `databricks_mws_workspaces` and `databricks_mws_networks` as deprecated([#4531](#4531)).
 * Add support for `CAN_VIEW` permission level in `databricks_permissions`, which can be assigned to `databricks_sql_endpoint` ([#4464](#4464)).
 * Add support for `aws-us-gov-dod` (AWS Govcloud DoD shard) ([#4594](5ac0111))

### Bug Fixes

 * Recreate `databricks_access_control_rule_set` when the `name` changes ([#4572](#4572)).
 * Avoid timeouts during `databricks_mount` state refresh and creation ([#4590](#4590)).

### Documentation

 * Improve documentation for `databricks_access_control_rule_set` ([#4580](#4580)).
 * Correct `first_on_demand` documentation for `aws_attributes` in `databricks_cluster`.
 * Added file events permissions to GCP external location documentation. ([#4415](#4415)).
 * Improve description of `metric` field in `databricks_job` resource [#4595](#4595)

### Exporter

 * Add support for special selectors in `-listing` and `-services` [#4573](#4573)
 * Fix incorrect reference to model serving endpoint [#4588](#4588)
 * Allow the selective export of `databricks_mws_permission_assignment`, and change its service name to `idfed` instead of `access` ([#4571](#4571))
  * Fix panic caused by incorrect values in the cluster policies ([#4585](#4585))

### Internal Changes

* Bump Go SDK version to 0.61.0 ([#4602](#4602))
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot code review Copilot Copilot left review comments

@alexott alexott alexott approved these changes

@parthban-db parthban-db Awaiting requested review from parthban-db parthban-db is a code owner automatically assigned from databricks/eng-plat-auto-exp-reviewers

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@jiabin-hu @alexott @nkvuong